Lucene search
K

97 matches found

NVD
NVD
added 2025/08/28 1:16 p.m.3 views

CVE-2025-53576

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ovatheme Events ova-events allows PHP Local File Inclusion.This issue affects Ovatheme Events: from n/a through = 1.2.8...

8.1CVSS0.00404EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/19 5:32 p.m.4 views

CVE-2025-9150 Surbowl dormitory-management-php violation_add.php sql injection

A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violationadd.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote...

7.5CVSS7.5AI score0.00302EPSS
Exploits0References4
OSV
OSV
added 2025/08/15 3:15 a.m.6 views

CVE-2025-9002

A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

9.8CVSS5.7AI score0.00505EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.3 views

WordPress plugin Zota 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.1CVSS7.7AI score0.00397EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/23 12:0 a.m.4 views

WordPress plugin Capie 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.1CVSS7.6AI score0.00669EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.3 views

SourceCodester Online Eyewear Shop 安全漏洞

SourceCodester Online Eyewear Shop is a SourceCodester open source online eyewear store website project developed using PHP and MySQL that provides an online shopping and ordering platform for the eyewear business and its potential customers. A security vulnerability exists in SourceCodester Onli...

7.5CVSS6.9AI score0.00404EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.5 views

WordPress plugin Pop-Up Chop Chop 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS8.5AI score0.00547EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/12/11 4:19 p.m.3 views

php: Erroneous parsing of multipart form data

A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, if a multipart form data payload contains a valid prefix 'X' of the defined boundary B such...

5.3CVSS5.7AI score0.00947EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.6 views

PHP 安全漏洞

PHP is a scripting language in which PHP is executed server-side. A security vulnerability exists in PHP. An attacker who exploits this vulnerability can cause an integer overflow by entering an uncontrolled long string into the ldapescape function, resulting in an out-of-bounds write. The...

9.8CVSS5.8AI score0.01284EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/07 12:0 a.m.4 views

编号撤回

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. This CVE number has...

6.8AI score
Exploits0References2
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.3 views

编号撤回

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. This CVE number has...

6.8AI score
Exploits0References2
OSV
OSV
added 2024/04/29 4:15 a.m.6 views

AZL-40070 CVE-2024-2756 affecting package php for versions less than 8.1.28-1

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS6.4AI score0.3786EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/26 12:0 a.m.5 views

Cups Easy 跨站脚本漏洞

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the costcenterid parameter on the /cupseasylive/costcentercreate.php page. An attacker...

8.2CVSS7AI score0.00399EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/10/19 1:33 p.m.5 views

php: XML loading external entity without being enabled

A flaw was found in PHP due to inadequate validation of user-supplied XML input. By leveraging specially crafted XML code, a remote attacker could obtain sensitive information by viewing the contents of arbitrary files on the system or initiating requests to external systems. This issue may allow...

8.6CVSS7.4AI score0.0121EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/05/05 12:0 a.m.5 views

Jedox 安全漏洞

Jedox is a corporate performance management software from Jedox Inc. for planning, analyzing and reporting in finance and other areas such as sales, human resources and purchasing. A security vulnerability exists in Jedox version 2022.4.2 and earlier versions. An attacker can exploit the...

7.5CVSS7.7AI score0.06741EPSS
Exploits7References9
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.3 views

SUSE CVE-2007-5899

The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...

4.3CVSS6.5AI score0.03393EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.3 views

SUSE CVE-2011-1148

Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified other impact by using the same variable for multiple arguments...

7.5CVSS7.4AI score0.04609EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.5 views

SUSE CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

6.5CVSS6.8AI score0.16853EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.4 views

PHP Link Shortener SQL注入漏洞

PHP Link Shortener is a very simple lightweight URL shorter or simpler written in PHP by Mike Harris personal developer. PHP Link Shortener suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter $link id resulting in sql injection...

9.8CVSS6.6AI score0.00591EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.5 views

The vulnerability of the CMS system SDCMS, related to improper code generation, allows a hacker to execute arbitrary PHP code.

The vulnerability of the CMS system SDCMS is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary PHP code...

9CVSS8.1AI score0.02917EPSS
Exploits1References4Affected Software2
Rows per page
Query Builder